samhain is a daemon that can check file integrity, search the file tree for SUID files, and detect kernel module rootkits (Linux only). It can be used either standalone or as a client/server system for centralized monitoring, with strong (192-bit AES) encryption for client/server connections and the option to store databases and configuration files on the server. For tamper resistance, it supports signed database/configuration files and signed reports/audit logs. It has been tested on Linux, FreeBSD, Solaris, AIX, HP-UX, and Unixware.
Release Notes: All-numeric hostnames are correctly recognized now, and inline asm has been disabled on Cygwin/Windows.
Release Notes: Support for sha2-256 has been added and some bugs have been fixed.
Release Notes: A regression in the handling of growing log files has been fixed. For compiling with the kernel check option, the detection of an existing yet non-functional /dev/kmem device has been improved.
Release Notes: Log rotation can be handled more gracefully now. An option to ignore modifications of transient files during their lifetime has been added, and it is possible now to build a Debian client package with a preset password. A problem with large groups has been fixed, as well as reconnecting to a temporarily unavailable Oracle database.
Release Notes: This release fixes a regression that made samhain block indefinitely if the inotify mode for file checking was used.